Sophos’ Secure by Design 2025 Progress
We are pleased to openly share our pledges and the progress we are making in each of the seven core pillars of product security in the Secure by Design framework.
We’ve seen a few announcements this year heralding cartels or alliances in the ransomware ecosystem. Two such announcements involved DragonForce, but as SuspectFile reported, there was no evidence of a cartel, and at least one of the named groups flat-out denied joining one. Today, there’s another alliance announcement. The Stormous group announced: Important Announcement Regarding…
A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). “The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher…
Italy’s data protection authority has fined ChatGPT maker OpenAI €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data. The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of the European Union’s General Data Protection Regulation…
The420.in reports: The Delhi Police have arrested 18 individuals for duping State Bank of India (SBI) credit card holders of nearly ₹2.6 crore [USD $296,630.45] in a nationwide fraud. The operation, which ran for six months, relied on insider leaks at a Gurugram-based call centre and a sophisticated money-laundering network that spanned cash deals and…
Kaaviya reports: A significant security breach within the Qilin ransomware operation has provided unprecedented insight into the group’s affiliate network structure and operational methods. On July 31, 2025, internal conflicts between the ransomware group and one of its affiliates led to the public exposure of sensitive operational details, marking a rare glimpse into the inner…
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution…